Applying collaborative anti-spam techniques to anti-virus

Adam J. O'Donnell, Vipul Ved Prakash, Cloudmark Inc.

  Corporate stream: Friday 13 October 2006, 09:40 - 10:20.

One of the most effective techniques available for combating spam is the widespread application of collaborative filtering, where members of a community submit votes as to whether or not a piece of content is spam. The success of such a system is contingent upon the assumption that individual users can, with high accuracy, determine the difference between a piece of spam and a piece of legitimate mail. It is non-obvious that this assumption will also hold true for email-borne malware threats, whose sole indicator is often the presence of an attachment on a seemingly legitimate email.

In this paper we present data and analysis of our successes in applying a collaborative filter originally designed for anti-spam to the anti-virus problem. Our results from specific case studies will be discussed, including the CME-24 outbreak of early 2006. We show that not only is a collaborative filter effective for filtering viruses, but the large number of participants also allows the filter to begin acting on the virus within minutes of its initial sighting, with an extremely low false positive rate.

